/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.hardware.confirmationui;

import android.hardware.confirmationui.IConfirmationResultCallback;
import android.hardware.confirmationui.UIOption;
import android.hardware.security.keymint.HardwareAuthToken;

@VintfStability
interface IConfirmationUI {
    // Possible Errors.
    /**
     * API call succeeded or the user gave approval (result callback).
     */
    const int OK = 0;
    /**
     * The user canceled the TUI (result callback).
     */
    const int CANCELED = 1;
    /**
     * IConfirmationUI::abort() was called. (result callback).
     */
    const int ABORTED = 2;
    /**
     * Cannot start another prompt.
     */
    const int OPERATION_PENDING = 3;
    /**
     * IConfirmationUI::deliverSecureInputEvent call was ignored.
     */
    const int IGNORED = 4;
    /**
     * An unexpected system error occurred.
     */
    const int SYSTEM_ERROR = 5;
    /**
     * Returned by an unimplemented API call.
     */
    const int UNIMPLEMENTED = 6;
    /**
     * This is returned when an error is diagnosed that should have been
     * caught by earlier input sanitization. Should never be seen in production.
     */
    const int UNEXPECTED = 7;
    /**
     * General UI error.
     */
    const int UI_ERROR = 0x10000;
    /**
     * This is returned if there is no corresponding glyph for a character.
     */
    const int UI_ERROR_MISSING_GLYPH = 0x10001;
    /**
     * The implementation must return this error code on promptUserConfirmation if the
     * resulting formatted message does not fit into MAX_MESSAGE_SIZE bytes. It is
     * advised that the implementation formats the message upon receiving this API call to
     * be able to diagnose this syndrome.
     */
    const int UI_ERROR_MESSAGE_TOO_LONG = 0x10002;
    /**
     * This is returned if the UTF8 encoding is malformed.
     */
    const int UI_ERROR_MALFORMED_UTF8ENCODING = 0x10003;

    // Constants
    /**
     * The test key is 32byte word with all bytes set to TEST_KEY_BYTE.
     */
    const int TEST_KEY_BYTE = 0xA5;
    /**
     * This defines the maximum message size. This indirectly limits the size of the prompt text
     * and the extra data that can be passed to the confirmation UI. The prompt text and extra data
     * must fit in to this size including CBOR header information.
     */
    const int MAX_MESSAGE_SIZE = 0x1800;

    /**
     * Aborts a pending user prompt. This allows the framework to gracefully end a TUI dialog.
     * If a TUI operation was pending the corresponding call back is informed with
     * IConfirmationUI::ABORTED.
     */
    void abort();

    /**
     * DeliverSecureInput is used by the framework to deliver a secure input event to the
     * confirmation provider.
     *
     * VTS test mode:
     * This function can be used to test certain code paths non-interactively.
     * See TestModeCommands.aidl for details.
     *
     * @param secureInputToken An authentication token as generated by Android authentication
     *                         providers.
     */
    void deliverSecureInputEvent(in HardwareAuthToken secureInputToken);

    /**
     * Asynchronously initiates a confirmation UI dialog prompting the user to confirm a given text.
     * The TUI prompt must be implemented in such a way that a positive response indicates with
     * high confidence that a user has seen the given prompt text even if the Android framework
     * including the kernel was compromised.
     *
     * Service status return:
     *
     * OK IFF the dialog was successfully started. In this case, and only in this
     *                      case, the implementation must, eventually, call the callback to
     *                      indicate completion.
     * OPERATION_PENDING is returned when the confirmation provider is currently
     *                      in use.
     * SYSTEM_ERROR an error occurred trying to communicate with the confirmation
     *                      provider (e.g. trusted app).
     * UI_ERROR the confirmation provider encountered an issue with displaying
     *                      the prompt text to the user.
     *
     * @param resultCB Implementation of IResultCallback. Used by the implementation to report
     *                 the result of the current pending user prompt.
     *
     * @param promptText UTF-8 encoded bytes which is to be presented to the user.
     *
     * @param extraData A binary blob that must be included in the formatted output message as is.
     *                  It is opaque to the implementation. Implementations must neither interpret
     *                  nor modify the content.
     *
     * @param locale String specifying the locale that must be used by the TUI dialog. The string
     *                      is an IETF BCP 47 tag.
     *
     * @param uiOptions A set of uiOptions manipulating how the confirmation prompt is displayed.
     *                  Refer to UIOption in UIOptions.aidl for possible options.
     */
    void promptUserConfirmation(in IConfirmationResultCallback resultCB, in byte[] promptText,
            in byte[] extraData, in @utf8InCpp String locale, in UIOption[] uiOptions);
}
